General

  • Target

    8d71cc59a2b5a03906faf33065cf41d4544b67d0578fe891c80c42fc74be358e

  • Size

    426KB

  • Sample

    241115-aebznswapd

  • MD5

    37d6d85e063ae1252a2c956e51d0294f

  • SHA1

    1e663a5a1995e63f4ad1413cf408f46793165cbf

  • SHA256

    8d71cc59a2b5a03906faf33065cf41d4544b67d0578fe891c80c42fc74be358e

  • SHA512

    5d0392d68754d114044cc9ad0392459d893743896307a5533eb6ee8766081c556aad18c7fd0df2a7d7a05192e7149d6518149f99c5af111a1bb475b7dbf6551b

  • SSDEEP

    12288:41HMxOm2kAe/vPTecnAmFyCfyqbsT81u03:Gs9nn1Isyb0

Malware Config

Extracted

  • Family

    redline

  • Botnet

    norm

  • C2

    77.91.124.145:4125

  • Attributes

    auth_value: 1514e6c0ec3d10a36f68f61b206f5759

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks